AWS Tutorial | Subtitles in Arabic, French, Hindi, Portuguese, Russian, Spanish, Telugu, Turkish

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Welcome back! Let's start with what AWS is.   Essentially AWS is a cloud service provider.  There are other cloud service providers as well.   For example, Microsoft Azure and Google Cloud are the famous ones. AWS is a cloud service provider   and its architectural underpinning is based on the cloud computing. Cloud computing is so pervasive   nowadays if we pay little attention we can find  so many examples of it in real life. I will talk   about cloud computing in more detail later in the  course. But to give you a general idea the word   cloud in cloud computing is used as a metaphor for the Internet. Thus the term cloud computing   refers to internet-based computing. In cloud  computing, computing resources such as servers,   storage, network, and software applications are delivered over the Internet. So now we   know that AWS is a cloud service provider. In other  words, AWS provides services over the Internet. In a broader term, AWS provides almost all kinds of  services such as infrastructure, platform, software,  analytic, machine learning, and many  other types of services over the Internet.   To understand further, what AWS is; let's  see some interesting use cases of AWS.   Did you know how Netflix is streaming videos all over the world with low latency? Netflix is using   AWS to achieve its low latency performance. Have you ever wondered how Twitter is able to scale   its distribution of content worldwide? Twitter is  using AWS platform to scale its distribution   of content worldwide. Did you happen to know  how NFL is leveraging AI and machine learning   to predict and prevent injury in games? NFL is leveraging AWS machine learning   and AI services to predict and prevent injury in games. Now we have seen a few use cases of AWS.   Continuing further on what AWS is. Let's talk about AWS in terms of its customers. AWS has over   a million customers all over the world. Talking about companies which are using AWS, here are   some well-known organizations having spending on  AWS. Facebook, BBC News, ESPN, LinkedIn, GE, and Apple.   Now before moving to the next video, let's see how AWS compares with the   other cloud providers, This is the Gartner chart of 2020. it gives a clear picture of   different cloud providers in terms of completeness of vision and ability to execute. In this chart   the x-axis represents the completeness of vision and the y-axis is for the ability to execute. You can notice   Amazon Web Services is the leader on both axes.  Microsoft is on the second, and Google is on third; and other cloud providers such as Oracle and  IBM are way behind. This was a brief about what   AWS is. In the next video, we will see different  categories of services AWS offers which as you   will see AWS covers almost all types of services which is possible. So let's meet in the next video. Welcome back! In this video, we will talk  about different types of services AWS offers.   AWS offers almost all types of services possible. The service categories which we   will follow, they are not in any particular order. They are in an arbitrary order. That being said, Let's start. First, AWS offers many services for analytics needs. AWS offers services for   augmented reality and virtual reality. It has services in the blockchain category. AWS offers   services in the containers category as well, for example, services for setting up Docker. it has   many service offering for database needs on cloud. In other words, you can quickly set up a database on   AWS. It has many services to handle DevOps types of work. It has many services for game development. it has many services in the Internet of Things category. It has many services   in the machine learning category, which is a very demanding area nowadays. It has services for   quantum technologies. AWS has services for robotics as well. It also has services for satellite-related   work. And finally, it has services related to  security identity and compliance types of needs. Welcome back! Now we got a good understanding  about what AWS is, and the types of services, it offers.  Let's try to understand AWS  advantages which would help us   rationalize, why AWS has become so popular and useful platform in the computing world. One of   the advantages AWS services or any cloud sources  for that matter are available over the Internet,  which is a huge advantage as we don't have  to buy or maintain any special hardware   to use AWS. Another advantage is cost savings. AWS's pricing model is based on pay for what you use.   This cuts down a lot in cost in many use cases.  Particularly in use cases where we don't need to   fully utilize the bought resources. In other words  resources are ideal for the majority of the time.   Let's see some use case examples to get  better idea about cost savings advantage.   Say our business sells gift items only related to Valentine's Day. Then, running our   online store on high-end web servers with auto  scaling and load balancer throughout the year   would find it difficult to make a profitable business. On the other hand, if we can leverage   AWS, we will only pay for the services we use; thus, having a potentially profitable business.  Leveraging cloud computing platform such  as AWS with the pay-for-what-we-use pricing model   saves huge in cost; as we only pay for what we use. This pay for what we use pricing model is very   cost-effective, and becoming the new paradigm in the computing world. In another example,   suppose we need some special servers to work on  some urgent proof of concepts aka POC type of   work to add some features in our product, which our competitor doesn't have. And say after POC is   complete, we don't need the computing resources.  In this business use case, instead of buying and   setting up the servers, if you can leverage  AWS, we will only pay for the services we use   which is the price for running the virtual servers on AWS. So using AWS would lead us to cost savings.   Additionally, it saves time as well. Since  setting up networking security permissions etc   are relatively much easier, and more robust on  AWS. Not only cost savings it's also easy to   use as well. With AWS, we can provision and  manage all sorts of computing resources   with various choices using AWS web console, AWS mobile apps, AWS command-line interface   and AWS APIs. For example, we can provision virtual  Linux machine on-demand within a few minutes.   And de-provisioning is also very  similar; we can de-provision or unwind  provisioned resources in a similar fashion  how we provisioned the computing resources.  To recap; AWS advantages --- it's available over the  Internet, so no extra setup is required to use AWS.   It saves cost and time, and it's easy to use.  So let's summarize; at a high level what AWS is.   Having over a million active customers  all over the world, and readily available   all kinds of cloud sources over the Internet, along with a pay-for-what-you-use pricing model, and   with ease of use, AWS has become not only a secure  a modern platform to build and deploy and run almost   all kind software applications, but also to procure, deploy, and manage IT infrastructure as well,  with time and cost-efficiency. Today AWS  provides highly reliable scalable and low   cost cloud services, and thus has become a  very popular and useful computing platform. Welcome back! many of the AWS certification exams  are designed for AWS developers who have hands-on   experience working with AWS. That being said, you  will need an AWS account in order to have working   experience with AWS services. In this video, we will  learn about opening an AWS account and setting up a   budget alarm. Let's go to aws.amazon.com and click  on create an aws account, this will take you to the   signup page. Here enter an email address; please make  sure you provide the correct email address as this   will become your AWS user id, enter password,  re-enter password. Provide AWS account name;   this will be used on AWS billing; you can change it later. And, click on continue now. On this   page it asks if this account is for business or a personal account. I will select personal   as I'm setting it for my personal use. If I was  creating an AWS account for my organization,  I would select business. Now here I will enter  details; full name, phone number, and address.   Then i will check the customer agreement checkbox.  You can read the details before checking the check   box. Then i will click on the continue button. On  this page, I will enter billing information and   then click on verify and continue. This will take  you to the page where it asks for mobile number   or voice call for verification. I will check the text  message option so I need to enter a phone number.   Enter captcha which would help identify  if the bot is trying to create an account,   And then click on send message. Next page I will enter the code which i got in my mobile.   Okay -- it's verified. Now on this page, it asks  which type of support plan you would like to have.  Mostly for learning or trying out  services for preparing certification exams,   the basic support option is sufficient as it is free. Essentially in basic support  plan, you will leverage database documentation to get help if you get stuck. In my personal   experience the basic support is fine for  learning or preparing for certification exams.   The developer support option you need if you need  to contact someone in AWS to get support to help   solve your AWS issue. Essentially in this option  you create a support ticket and your ticket will   be handled by AWS support team. The business one is  used by businesses which are using aws to get help   on their aws issues. Now your account is set up and  you can log in. Very first thing you will do; you   will set up a budget alarm to help keep your AWS  bills within your budget. For preparing for an AWS  certification exams you'll be mostly using services given in the AWS Free Tier. AWS Free Tier is a feature   provided by AWS to try out and learn AWS services  free of cost for some time. However, in some cases   the Free Tier will not be sufficient. For example,  my aws bill for preparing certification exam   was around $15.00. That being said, let's go-ahead to set up the budget alarm. In the search bar   type billing, this will take you to the billing dashboard. Here click on the budget link you will   get the AWS budget page. Click on the create budget. Here select budget type which is cost budget.   Click next and for the period I will select  monthly and for the budget effective date, I will select recurring. I will set the starting  month and the budget amount I will enter one   dollar. Once again typically for preparing a debit  certification exams you will be mostly using   services given in the AWS Free Tier. However  in some cases, the Free Tier will not be sufficient.  For example, if you would like to try out  services which are not in the AWS Free Tier. So by setting a budget amount, you make sure to get some sort of notification such as email or text   depending on what you have configured. This  will help you to keep your AWS bills   within your budget. Next enter budget name, and  enter threshold. I usually enter 80 percent. Now   enter email, where you get a notification. Please  make sure you provide the correct email address.  Click on the create budget, and your AWS budget will be created. So with this budget setup, you will get an email notification if your bill is  exceeding threshold which you have set up. Welcome back! This video talks about free  which is considered to be a powerful word   in sales and marketing. In this video we  will get an understanding about AWS Free Tier   as you can learn or practice many AWS  services free of cost by using AWS Free Tier. So what is AWS Free Tier? AWS Free Tier refers  to limited free use of AWS platform and services.  AWS Free Tier offers as means for new  users to gain free hands-on experience   with AWS platform and services. You can learn a  lot about AWS using its services in Free  Tier. There are three types of offers available in Free Tier. The first one is always free.   Always free offers do not expire and are available to all aws customers. The next is 12 months   free. In this type of offer, you will get 12  months free after initial sign-up with AWS.   And the last one is trials. In this type of  offer, you will get short term free trials,   which starts from the date you activate a service. Now let's visit the AWS Free Tier   page to find out more details about it. Let's  go to google.com and search for aws feed here   select the link which says aws feed here  and select the one which is which says   aws.amazon.com as this is the url of aws so now  we are on aws free tier page first thing if you   notice is that it talks about types of offers  and it says explore more than 100 products and   start building on aws using the free tier and then  it talks about three different types of offers the   first one is always free which do not expire and  the next one is 12 months free which is free for   12 months following your initial sign-up  date to aws and the last one is trials which   is short-term free trial offers and it start  from the date you activate a particular service   now the question is how will you know which  searches are in free tier and of which type   so you can use filter by clause given on  this page for example if you are looking for   services which are 12 months free you check the  12 months free box and you will get the services   which are free for 12 months same way if you if  you're looking for services which are always free   you check the always free checkbox and you  will get the service which are always free   and same concept applies for trials as well if  you check the trials check box you will get the   services which are free on short term trials one  important point to note is that read the details   about what is included as a free in the service  for example for amazon s3 it is in free tier and   it is 12 months free and it says you will get 5  gig of standard storage 20 000 get requests and   2 000 put requests now if you scroll down on this  page there is a faq section and there is a billing   section and some related stuff so you get the idea  that providing different types of free offers aws   is encouraging its customers to learn its services  in summary aws free tier enables its customers to   acquire practical knowledge about aws platforms  and services by reducing the cost of learning   and there are three types always free short term  free trial and 12 months free in my experience   12 months is very common one as you will  experience when you start using edible services   welcome back this is an important topic in this  we will talk about best practices for the aws   root account which is very important for the  security and safety of your aws root account   before getting to know about the best practices  for the aws root account let's try to understand   why this topic is important let's google aws  account compromise right so we are getting so many   results but i would like to share with you uh this  one let me open the new window and go to this url   the story is i was built for 14 000 usd on amazon  web services you can read about it but in short he   checked in aws credentials on github which led  to hacking of his aws account hacker launched   ec2 instances and he was built for around 14 000  usd good news is that aws support team was helpful   to resolve his issue the key point to note it down  from this story is that to have aws root account   extremely secure and do not leak or expose  your aws account password and access key   now let's go through the aws best practices  for edibles root account so here are the   best practices for the aws root account do not  share your root account and password with anyone   secure your root account by  multi-factor authentication   do not use root account user id to login as this  highly privileged account using group account   for regular use can increase the security risk  of the account that being said create another   account and use this account for regular use the  key takeaway is to have aws root account or any   aws account for that matter extremely secure and  do not leak or expose your aws account password   and access keys with that let's meet in the next  video where we will learn how to secure your   aws account by adding additional protection  which is called multi-factor authentication   welcome back in this video  i will show you how to add   multi-factor authentication to increase  security of your aws account let's log into aws   and now click on my security credentials  which is under your account name   and then click on multi-factor authentication  and then click on activate mfa here there are   three choices i think it's better to go about all  these choices in brief to have better rational   about appropriate selection choice in aws you can  assign mfa to an user account in three ways first   one is virtual mfa device next one is using utf  or universal two-factor security key and the third   one is using hardware mfa device now the first  one is virtual mfa device it's easy to set up   you can install authenticator apps such as google  authenticator one password microsoft authenticator   on your mobile device and use the code generated  on the app to log in along with the password   now the question is how secure it is it is secure  but it is also has potential for security risk but   not as weak as using sms for mfa as you know sms  is another two factor authentication mechanism   but in sms text is transmitted unencrypted  so as you can see sms is more weaker compared   to authenticator app for mfa there is an  interesting blog about the google authenticator   about how securities if you scroll down there is  a paragraph and this it says and in the drawback   of google authenticator that reader pointed  out is no passcode or biometric lock on the app   and the ease of access to the app seems to allow  malware to steal two fa codes directly from google   authenticator giving you yet another reason to  dump the app as you can see based on this blog   google authenticator is not extremely secure so  if you need very strong security then virtual mfa   device may not be right choice for you now let's  see the other option which is universal two-factor   mfa in brief so utf is a sort of form of universal  two-factor authenticator apps while it's safer   than two-factor authentication via sms it's not as  secure as using universal two-factor device utf is   a type of mfa device once you enable it using the  instructions that follow you just tap it on the   device when prompted to securely log in tapping  helps make sure some human is locking not a robot   basically it is based on rsa which as you might  know rsa is a public private key cryptography   but the concept is very cool utf device key and  hardware of the computer are used to generate keys   if someone gets your u2f device they can't use it  to log into your site as nothing is stored on the   utf device they can use it that device however for  themselves to log into sites but not on your site   the only drawback is if you lost your device then  you need to have some backup system to log into   the last option to use mfa in aws is using  hardware mfi device the concept is very   similar to secure id if you have used it you  register the device and then when prompted enter   the token generated on the device i will not go  into detail as this is beyond the scope of this   course but you can read it about it on the web i  will share a link i found worth going through if   you are interested to know about this option into  more detail so now you are the idea of all three   options as you can see the first one is relatively  not as secure as the other two are but the first   one is quick and easy to set up just install any  mfa authenticator app on your mobile or computer   and you are ready to use mfa using virtual  device so i will click here on continue   next what i will do since i already  have google authenticator installed   what i will do i will scan the code let me scan  the code so first i have to click on so qr code   and then then let me scan the code since i  already have google authenticator installed   so i can scan the code okay the code is scanned  so now what i'll do now here it asks about   two consecutive mfa codes so let  me add two consecutive codes here   okay now i'll click on sign mfa and uh now it says  that you have successfully assigned virtual mfa   what has happened is mfa has been added to my  root account right so my account is relatively   much secure as just having a password so i  think with this demo you understood how to um   assign multi-factor authentication using virtual  device to your aws account with this now we will   meet in the next video where i will show  you how to create aws user and i'll show   you how to create access keys which are  required to access aws programmatically welcome back in this video you will  learn how to create iem user and how   to generate secret key and access key which  are required to access aws programmatically   you will also learn how to attach policy to an iem  user and how to delete an iem user this is very   useful and important topics so let's go to  straight to aws management console to log into   aws and create an iem user so i'm on the aws  management console let's log into aws account   click on sign into the console so i'm logged  in if you notice since i was already logged in   earlier so the browser got the login details from  the cookie directly in your case you may have to   enter your user id password and mfa if you have  set up mfa okay since i need to add im user   i need iem service okay which is identity and  access management service quick way to find the   service is to type service name in the search  area okay and that way you can get im service   or you can find it from the recently visited  services for example you see that iem services   listed here because i have used it earlier since i  would like to show you how to search for services   as well i will use the search bar okay so i will  type iem here and uh and then click on im okay   now i am on the iem service homepage whenever  you need to create an aws user you will use   iem service okay in aws to create any  user you will have to use iem service okay   click on users i already have couple of users here  i will click on add users button to add a new user   enter username i will give this user a john doe  user id okay this is just demo user to show you   how to add iem user i will delete this user  later okay the next is select aws access type   i will check both boxes first one  is for the programmatic access   checking this option will also generate and  enable an access key id and secret access key   these keys are needed if you need to interact  with aws programmatically using awc api cli sdk   and other development tools okay for example  you need these keys if you are using awcli   which is aws command line interface aws clie  is primarily used by aws devops engineers okay   these keys are also needed if you are using  aws sdk which is aws software development kit   aws sdk primarily used by aws developers who  are building software using edibles apis okay   the main point here is that if you are adding new  user and if this user will have a device developer   or devops type of role have programmatic access  option checked okay so i will check this option   and the other one is for aws management console  access uh this is very typical and common way to   access aws and most aws users are comfortable  with this option so it is okay to have this   option checked in most situations so let me check  this option okay the next option is about console   password which will be used for this user to log  into aws management console please note when using   aws api you will be using your account access keys  which is aws access key and editable secret key   okay i will have this option checked if your  admin and creating user for someone else   usually will use this auto generated password and  have this option checked okay you can also add   a custom password means not a auto generated one  next is a required password reset checkbox i will   leave as it is means checked that way device will  force to create a new password at the next sign in   okay click on next button which is about  permissions here click on attach existing policies   and select administrator access policy so  that this new user will have admin access   privilege to this account aws have many existing  policies as you can see here which you can attach   to an iem user so what is high-end policy impulse  is a set of iem permissions okay awsim policy is   a typical software engineering pattern related  user management using this concept instead of   assigning each individual permissions separately  you will create a policy and assign permissions   to that policy and attach that policy to the  user okay so the policy abstraction as an   indirection makes permissions management easier  for a user okay so let's move on i will cover   i am in much detail in iem  lesson okay next click on tags okay i'm not creating any tag for this user  so as this is optional basically you can add   here user email address job title etc okay next  click on review button okay if you notice here   user name it was access type console password  type auto generator all these things that we did   it's mentioned here the important thing here is  that there are two policies attached to this user   one is administrator access another one is iem  user changed password policy why this has come   because uh this is added as we chose the  option for auto generated password okay   next click on create user button now the user  has been created as you can see since i have   selected programmatic access access key id and  secret access key is generated here and since i   selected option for auto generated password  the user password is generated as well okay   i will note down the password and download the  access keys okay the newly created user will   also get an aws management console url as you can  see here screens are celebrated with management   console access as well okay so this url is also  provided by aws here let me copy this url okay and let me close this since  this user has been created so now the user as you can see this user has  has been created now let's see if it works   okay so i'll open a new tab okay i will paste  the url for this user okay here i have to enter   iem username which is john doe okay and i will  enter the password which was auto generated okay let me enter password here okay it says it  was auto generated password it is asking   to change the password okay first i will  enter old password means existing password   okay and then i will enter new password okay confirm password change as you can see that uh  this user was successfully able to log in okay   so this is what i logged in so suppose that if you  would like to delete this user go to im service   again and this time i will select im service from  here okay and then i will go to users okay so you   can see the john doe user is listed here and then  next select this user and click on delete and now   enter this user id here click on delete and you  can see that user john do has been deleted okay   i think now you understood how to create an  ie user and how to delete an iem user okay welcome back so far you have seen  i'm accessing aws using its ui   this ui is called aws management console  aws management console is very powerful ui   in fact we can perform many aws operations on  the aws platform without doing any programming   or having to know its low level apis that  being said if you are developer or devops   just accessing aws using its ui would be a little  less what you may be looking for i think you would   be interested to know if aws can be accessed in  other ways as well well aws can be accessed in   three ways one is aws management console which  you've already seen which is basically aws ui the other one is using a wcli which is aws  command line interface awcli is very useful for   devops engineers who would like to access aws  from command line to be more productive or to   automate back-end processes such as launching  or terminating aw services without using its   management console and the other one is using  aws sdk which is aws software development kit   aws sdk is very useful for aws developers  who would like to develop program on adobe's   platform using its apis for example if you would  like to develop chat application or aws you can   uh you would leverage aw sdk in that case aws has  sdk in almost all mainstream programming languages   it has sdk in java python nodejs.net ruby php c  plus plus and go and javascript as well the aws   sdk is used mainly by aws developers i think  you got the general idea now that aws can   be accessed not only using this management  console but also using its cli and its sdk welcome back this video is about  aws global cloud infrastructure   which is the backbone of aws now let's go to  the aws global cloud infrastructure web page   to get more detail about it so this is the  web page of aws global cloud infrastructure   as you can see here it says that it is most  secure extensive and reliable global cloud   infrastructure for all your applications right  so the important point here is that whether you   need to deploy replication workloads across the  globe in a single click or you want to build   and deploy specific applications closer to your  end users with single digit millisecond latency   right this is important point with single digit  millisecond latency it is provides you the cloud   infrastructure where and when you need it right so  you can read uh for the detail on this webpage but   we'll shortly visit some of this part okay so to  revise the aws global cloud infrastructure is the   most secure extensive and reliable cloud platform  it offers over 200 services as of this recording   it not only allows you to deploy replication  across the globe by single click but it   also allows you to build and deploy specific  applications closer to your replica end users with   single digit millisecond latency it helps million  active customers from virtually every industry to   build and run every imaginable use case on aws so  this was a high level overview of aws global cloud   infrastructure now we'll look into some other  important concepts which are very much related   to aws global cloud infrastructure so first  important concept to understand is aws reason so what is aws reason aws has concept of reason  which is a physical location around the world   where aws has clusters of data centers so  basically aws reason is a physical location   which has cluster of data centers as you can see  in this diagram this aws region has three clusters   of data centers one cluster is here and second  crystal data center is here and third cluster   data center is here and these clusters of data  centers are connected to one another okay so let's   go to aws global cloud infrastructure webpage to  see some examples right so as you can see on this   map the blue circles um are the aws reason and red  circles are coming soon right so let's start with   north america so we have a region in northern  virginia we have reason in northern california   we have aw season in south pole of brazil let's  go to australia we have reason in sydney let's   go to south africa we have aws reason in cape  town let's go to some european countries we   have reason in ireland we have a series in um  london uh we have italy citizen in paris in in frankfurt germany milan we have spain coming soon  let's see here we have the native region in tokyo   this is a middle eastern country bahrain and  uh uae coming soon and now in india we have the   native series in mumbai and it is in hyderabad  coming soon so so you get the idea right so aws   has reason all across the world right um again  the reason is basically cluster data center so   whenever you hear it is the reason you have to  think about that okay uh it's a cluster of data   centers that's the whole concept so i think you've  got the high level understanding of aws reason now   next uh another important concept in aws is aws  availability zone it is also called az in sort   so as we talked earlier that aws has clusters  of data centers on multiple locations   around the world and the location containing  clusters of data centers is called aws region   that being said an individual discrete clustered  data center is called aws availability zone right   another way to understand is that an availability  zone is one or more discrete data centers   with redundant power networking  and connectivity in an aws reason   so let's go to aws uh global infrastructure  to get more detail about aws availability zone   so as you can see for instance northern virginia  um region has six availability zones okay   and northern california reason have five  availability zones similarly uh sydney has uh   three availability zones and let's go to london  see so it has three availability zones right   so let's simplify a bit in an aws location or in  advanced region there are clusters of data centers   spread across in location and individual discrete  cluster data center is called aws availability   zone aws availability zones in reasons have  connectivity with one another okay so these   so these availability zones are connected with one  another to strengthen the concept further i would   like to share this point a common misconception  is that single zone equals a single data center in   fact each zone is backed by one or more physical  data centers with the largest backed by five while   a single availability zone can span multiple data  centers no two zones share a data center right   okay so i hope you feel comfortable now with aws  reason and aws availability zone concept another   concept related to aws global cloud infrastructure  is aws local zones so aws local zones are a type   of aws infrastructure deployment that places aws  compute storage database and other select services   closer to larger population let's go to aws local  zone webpage to get more idea about it so this is   a web page about adobe press local zones and here  it says that eight plus local zones are a type of   awc infrastructure deployment that places aws  compute the storage database and other select   services closer to larger population with aws  local zones you can easily run applications   that need single digit millisecond latency  closer to end users in a specific geography   this is important line actually uh with aws  local zones you can easily run applications   that need single digit millisecond latency  closer to end users in a specific geography   aws local zones are ideal for use cases  such as media entertainment content creation   real-time gaming live video streaming and machine  learning influence so the key takeaway is that if   you need single digit millisecond latency closer  to your end users in a specific geography look   for aws local zones the another important concept  is aws wavelength which is an aws infrastructure   offering optimized for mobile edge computing  applications okay so let's go to aws wavelength   webpage to get more idea about it so this is  the aws wavelength web page here it says that   aws wavelength is an aws infrastructure offering  optimized for mobile age computing applications   wavelength zones are aws infrastructure deployment  that embed aws compute and storage services within   communications service providers data centers  at the age of 5z network this is the key point   so application traffic from 5z devices can reach  application servers running in wavelength zones   without leaving the telecommunication network  this avoids the latency that would result from   the application traffic having to traverse  multiple hops across the internet to reach   their destination enabling customers to take  full advantage of latency and bandwidth benefit   offered by 5z networks so you can read more  detail about it so the key takeaway is that   is that if you are deploying applications to  leverage 5z look for the aws wavelength so i   think you've got a good understanding  about aws global cloud infrastructure welcome back in this video you will  learn how to create an ec2 instance   and install a web server you will also  learn how to search into an ec2 instance   but before launching the instance let's go to the  ec2 web page to get a high level idea about ec2   i'm on the ec2 home page the first important thing  to notice is that it is a sorter form of elastic   compute cloud now let's see what it does it is  a web service that provides a secure resizable   compute capacity in the cloud okay in this  line let's parse some keywords or phrases to   get a good idea about ec2 okay the first is web  service what it means is that you can access the   ec2 instance using an http endpoint okay the  other important word in this line is secure   what it means is that you can control inbound  and outbound traffic to the ec2 instance   okay the other important phrase is resizable  compute capacity what it means is that ec2   instance has an auto scaling feature and using  the auto scaling feature you can let ec2 instances   scale up or down based on various metrics  such as cpu utilization or io throughput   on this ec2 web page i would like to  bring your attention to these four points you can launch over 400 different types of ec2  instances aws is the only cloud provider that   supports mac os you can launch ec2 instances in  25 reasons and even availability zones worldwide   and you have choice of intel amd and arm  based processors you can read rest of   it but i think this much basic knowledge  about ec2 is sufficient uh for this topic   we will cover ec2 in more detail in ec2 lesson  okay now let's head over to the aws management   console to launch an ec2 instance i'm on the aws  homepage let's login to aws management console   so i'm logged in go to ec2 service by either  typing ec2 in the on the search bar or selecting   ec2 from the recently visited services if it is  shown i'm going to type ec2 in the search bar okay and i will select this vc2 so now i  see the ec2 dashboard as you can see in   my account one instance is running at the top  right you will see your account name next is   your default reason in my case it is northern  virginia and which has a reason code usc 1   in your case your default region could be  different depending on your location okay   since i'm launching an instance i will click on  launch instance next is to select ami which is   amazon machine image default all mis are listed  you can search for linux windows or mac ami   is here now let's search for windows to  just check it out all the windows amis as you can see these are the  windows ami is available on ec2   right and also you can launch a mac type  of ec2 instance as well so let's search for   mac okay as you can see there are three mac mi's  are available okay now since i will be launching a   web server on linux machine let's search for linux  as you can see there are so many options are here   the question is that which one i should choose  right the first deciding factor for me is that   i'm looking for free tier instance as i'm  not looking for any high end configuration   just minimal ram and hard disk is okay  for me so so this one is likely choice   but next deciding factor for me is that since  i'm launching linux virtual machine on aws   i would look for amazon linux mi why imagine linux  mi usually it's good idea to use an image on linux   mi because you get additional features related  to aws already set up for instance if you need to   run aw cli commands on the launched ec2 instance  you don't need to install awcli separately okay   so that being said i will select amazon linux  2mi which is 3t reliable so it will have awcli   and it was related to configuration already set up  okay and 64-bit x86 is okay so let me select here   okay now here i will select a t2 micro um as it is  free tier eligible the t2 micro is instance type   okay so what is instance type aws has  ec2 instance categorization based on   combinations of cpu memory storage and networking  capacity t2 micro is one of the instance type   right there are other instance types as well you  could see here t2 medium t2 large g2 extra large   right and they all have varying cpu memory  and instances storage okay so click on next   configure instance details here default is  okay the only thing i will add here is that   a couple of linux cell commands to in  the user data to install web server right   um one thing i wanted to mention here just for  this reason there are six availability zones right   right now since it is a i'll be launching  one instance it doesn't matter which   availability zone i choose but if i were to  choose is i could say choose this usc 1a right   now come to user data so what is user data right  let me copy and paste uh cell command first here   what is user data you can specify user data to  configure an instance or run a configuration   script during launch the one advantage of  user data data is that you can launch more   than one instance at a time the user data is  available to all instances in that reservation   okay so right now i'm launching only one instance  suppose if i were to launch three instances i have   to just place this user data script in just one  place and all three instances will get this from   user data section okay let me make it this to  one because i'll be launching one instance okay   now let's go through each lines to understand what  it is so first line is i'm saying that i will be   using bash shell and second line it says that to  update os it's always a good practice to update os   in case if there is a new security patch  has been released but it is not available   in the mi that you are using which could  lead to potential security risk right   um so it's good practice to always do street  vm update when you start your linux machine   okay third lineup is about installing http web  server and the last line is about start web   server additionally whenever this ec2 instance  stops and it starts again http demon uh will   be started as well means web server will be  started automatically at the server startup okay   next click on add storage and eight gig is okay  here okay next click on add tags i'll just skip   it because this is an optional section next is  configure security group so what is security   group security group is a mechanism to control  inbound and outbound connection to the launched   ec2 instance for example what type of traffic  and sources are allowed to make the connection   on this launched ec2 instance is inbound ftp  connection allowed if allowed is it allowed from   all ip addresses or selected ip addresses you got  the id right and with regards to default settings   no inbound connection is allowed to the launch  instance and default all outbound connections   are allowed from the launched ec2 instance  okay that being the case uh i need to set up   inbound connections for this instance okay so  i'll create new security group and let me name   this security group let me add description also uh  it's good idea to put description as someone going   through will know what what the security group  is all about okay now i'll change the source ip   so that ssh connection can be only done from  my machine so i will change the uh source   to myappy right so that way sss connection can be  made only from my machine and secondly i need to   open http connection port for the web server so i  will click on add role and i will select http on   type and for source uh i'd like my web server  to be accessed from anywhere so i will change   source to anywhere okay now we'll click on review  and launch so for me everything is fine let me   click on launch button and here it is asking to  um about key pair uh you need keep here to make   ssh connection uh to the launch machine so i will  create a new new key pair here let me give name of   this key pair then click on download key pair you  need to download keeper otherwise you will not be   able to make um connection uh so download keypair  click on launch instances now you see the message   it is saying that your instances are now launching  okay you can click here to view instances   it is not showing any name let me so let me  give apache web server tests okay so that   way i will know that this is the instance  that we are and that we are launching okay   now next thing is that we need to test  whether web server has been installed   correctly or not how to test it right i  can click here and uh default it adds https   but since i have not open https it won't work  so let me remove this s here now it should fine   as you can notice we got the apache web server  test page so now next is let's see how to make   ssh connection to the ec2 instance from the  local machine okay so let me open a new window   i will go to temp directory from this directory  i'll be doing all the operations etc etc so let   me copy the ec2 key pair that i downloaded  into this directory okay so as you can see   i got this uh keypad in this temp directory  now next thing we need to change the permission   of this key file to ensure that key is not  publicly viewable right now you could see that   um owner is having read write and there are read  options for group and for others as well right so   we need to change it so that it is not publicly  viewable means all other people cannot read it   so i'll do that you do chmod um 400 and  the file name okay now if you do ls l   uh you could see that um the read or read write  option or read option has gone for other users   only so now this key is not publicly viewable  okay now connect to launched ec2 instance   what you'll do you say ssh minus i and the key  pair name okay next is that you will give ec2   user which is default name for amazon linux  mi and then public ip address of the machine   and click enter you'll say yes now as you  can see that i have on the launched ec2   instance okay you can do ls here now let's go  to directory where we have server installed   okay unless uh right now there is no file let me  add a tester.html file and let's just put here um sorry we have to do sudo actually um okay page  okay save it now let's go and check whether this   html page is available or not you can see that  this page or not now this is the main url for   the web store that we launched on page let me  add this test.html to see that whether we are   getting that html file here or not so as you  can see we got the result of this is my test   home page right so this is how you will connect  to your ec2 instance and make changes whatever you   want right now the another thing suppose that  you are not on your machine right mac machine   or whatever which or whichever machine uh you're  configured to have a sss connection right you can   also make ssh connection um directly from this  browser so if you click here on connect button   and here public ipad is fine and username is  easy to user and let's click on connect right   um right now it is failing because i have  inbound sss connection from my machine only right   so that's the reason it is failing so let  me go first and make change security group   this is the security group that we we had  click on inbound and let me make change here   to ssh click edit inbound role and here let me  change it to um anywhere though i will not suggest   it but some some and sometimes you may need it if  you are not available on your local machine and   would like to make change remotely from anywhere  else right so in that condition you need this   uh in that case it this option is helpful okay  so make change you say save rules and now go to   instance select instances and say connect and rest  all these options are okay let's click connect   and you see i got connected here right this  is how you will make ssh connection from   from the aws management console okay now you  can um you can stop instance you can reboot   instance you can terminate distance right  i usually terminate instance if i don't   need it let me terminate this instance and say  dominate okay we refresh here just to show you   and now this instance instance is shutting  down and ultimately it will terminate okay   so in this video you saw how to launch  an ec2 instance and set up a web server   then you saw how to make ssh connection to launch  the ec2 machine both from the local machine and   from the device management console then finally  you saw how to terminate the launch machine   welcome back this video is about an introduction  to s3 which is an awesome storage service s3 is a   very popular aw service we will cover actually in  detail in this relation but before let's go to s3   homepage to understand what s3 is okay so i'm on  the s3 home page first noticeable point about what   s3 is is that it is object storage built to store  and retrieve any amount of data from anywhere   and s3 is the abbreviated form of simple  storage service which means s3 provides setup   apis to store and retrieve data on the cloud  okay essentially aw services are set up apis   so let me read uh this line further uh because  this line is uh essentially very much carries the   essence of what s3 is okay amazon simple  storage service is an object storage service   okay that offers industry leading scalability  data availability security and performance   so here is my take in this line if we can  understand the phrase object storage and   scalability data availability security and  performance then we will have fairly good   conceptual understanding of what is three is okay  so there are two other keywords compliance and   durability that are important to understand as  well i will cover them later in the video okay   so let's understand the phrase object storage  because this is the key to understand s3 okay   regarding a storage we are more familiar with file  storage which is a type of storage system used by   operating systems however s3 is not a file storage  service it is an object storage service okay   so this is a crucial concept to keep in mind okay  so that being said the question then is what is   object storage or object-based storage okay in  object storage objects are the distinct units   to manage and manipulate data  storage okay or in more simple words   data storage is managed as objects okay in object  storage there is no folder or hierarchy concept   like we have in file storage systems instead in  an object storage systems everything is stored   in a flat address space which is called  storage pool okay in aws this storage pool   has a particular name called bucket we will see  how to create bucket ns3 later in this video   when we upload an image okay each object is  stored in a bucket and there is a limitation   for the maximum size of the object which can be  stored in the bucket okay the limitation is five   terabyte what it means is that you cannot upload  an object larger than five terabyte on s3 okay   each bucket gets a fully qualified domain name  and you use the fully qualified domain name of   a bucket to access objects in the bucket okay  another important point about object storage is   metadata metadata about objects are attached with  stored objects which is one of the reasons that   we can do high performance analytics on aws so  even though we don't have any idea about what the   object contents are still because of metadata  attached to the objects we can query objects   okay another feature of an object storage system  is that object storage systems can be scaled out   this is the key reason s3 storage systems has  virtual unlimited scalability okay the question   is then what is scale out in a storage system okay  there are two types of storage systems classic   scale up storage that most of us are familiar with  as it is used in file based storage systems the   other one is scale out which is closely related  to object storage systems in a scale up system the   storage scalability is limited by how many maximum  disks can be attached to storage controllers you   cannot add more storage if machine has reached  uh to the limit of how many maximum disks can be   attached okay on the other hand with the scale out  systems you have a cluster of machines forming a   storage address space which is called storage pool  or bucket in aws terms to increase the storage   capacity just add more machines which makes scale  out systems virtually unlimited scalable okay   so these object storage characteristics which are  storing objects in flat address of space metadata   and scale out are the critical factors in driving  s3 features okay this was a little bit longer but   i think understanding object storage is important  not only not only for s3 but also in general as   a software engineer okay so let's go back to the  first line again which we're trying to understand   okay in this line another keyword is scalability  since s3 is an object storage system and object   storage systems have virtual unlimited scalability  as we talked earlier that being the case s3 has a   theoretically virtually unlimited scalability  which is sort of logical conclusion okay   the next phrase is data availability s3 replicates  data or content of s3 bucket in a minimum of three   availability zones within a selected region okay  since availability zones are physically separate   the replication of on the additional availability  zones helps increase the degree of availability if   there is any device failure or any facility issue  at the data center of an availability zone okay   for instance since data are replicated on two  additional acs data can be sustained even though   data are lost concurrently in two facilities  okay the next keyword is security s3 provides   many securities related features for instance  you can store data in an encrypted form using   different types of encryption mechanism we will  cover s3 security in detail in this relation okay   the next keyword is performance in s3 you can  store data in in a reason nearest to your location   that way you will have low latency which leads  to a better performance okay so in this paragraph   another s3 related keyword is mentioned which is  compliance okay s3 has feature of cross region   replication which can be used to manage regulatory  compliance or keeping a copy of data in case of   a reason failure okay another keyword here is  that i would like to bring your attention to   is durability okay s3 has 11 9's durability which  means if you store 100 billion objects in s3 you   will lose one object at most okay so now you got  the idea about what is what s3 is it is a it is an   object storage service that offers scalability  data availability um security and performance   and durability of 11 9 okay and you can manage  regulatory compliance as well using cross reason   replication okay there are other sections  on this page particularly use cases section   okay um which you can go through you  will find them easier to understand now   i know it was a bit longer and theoretical  but i think this would help you to have solid   footing on s3 okay now let's move on to more  fun stuff where we will create a bucket and   upload an image to s3 okay so let's log into  aws management console and go to s3 home page okay i'm on the s3 homepage the first is my  account name you will see your account name   here then the next placeholder is for the reason  since s3 is a global service it doesn't show any   specific reason it says global okay now i'm on  this page to upload an image but i don't see   any option to upload the image okay you can see  right i don't see any option to upload anything   now here come interesting point which is related  to object storage concept we talked earlier   since s3 is an object based storage service we  need to create a storage pool to store objects   this storage pool is called bucket in aws  okay that being said we first need to create   a bucket to upload the image because currently  there is no bucket listed in my account okay   so click on create bucket button and now i'm  in the create bucket page i need to enter   bucket name here let's talk about  bucket name bucket name must be   unique within a partition let me click on  this link to show you bucket naming rules okay   and here is the important point bucket names  must be unique within a partition a partition   is a grouping of reasons aws currently has three  partitions aws standard reasons and aws china   reasons and aws usgov reasons okay let's come back  to the create bucket page let me give bucket name   usually it's good technique to use domain name  in bucket name which usually avoids possibility   of a name collision okay next is aws reason this  is where your actual data will be stored select   the reason which is nearest to your location  to have a low latency and good performance okay   your default reason will be displayed here and  you can change it right i will keep it as it is   as this is my nearest reason okay next is about  public access for this bucket i will block all   public access as this is my private bucket i don't  want the content of this bucket to be desired   if i was using this bucket to store my  website contents then i would have unchecked   this box okay means would have allowed  public access next is bucket versioning   disable option is fine but if you have use case  where you would want previous versions to be   retained to recover from unintended user actions  then you would check the enable radio button okay   next option is about whether you would want  the content of this bucket uh to be encrypted   okay for me disable is fine i don't want  to encrypt content of this bucket as this   bucket will have only images and encryption will  have extra overhead to impact performance okay   next is advanced settings this is about if you  don't want objects to get deleted in the bucket   disable option is fine i don't have  any regulatory compliance sort of data   in this bucket which i would like to be not  deleted okay so disable option is fine so that i   can delete content of this bucket if i would like  to okay click on create bucket as you can see that   bucket has been created okay and if you select  the bucket you can see options to delete the   bucket or empty the bucket okay you cannot delete  a bucket if there is any object in the bucket okay   click on the bucket now i am on the bucket page  let me click on the upload button to upload an   image which i have okay now i'm in the upload page  click on the add files up button to upload files   and this is the image i have aws image okay now  i will click on upload button load is succeeded   let me click on close button select the image on  this page details about the image is displayed   for instance owner aws reason size type key s3  uri which is a unique fully qualified domain   name to access the image for instance if you're  writing code to access the image from your java or   python code you will use this uri okay next is arn  which is used to manage permissions on the object   for instance the iron can be used in iem  to set access permissions about this object   then e tag which is md5 checksum of that file etag  is used to find out if object has been modified   and this is object url if i click on this url  image is not accessible because i have disabled   public access on this bucket okay however if i  click on the open button i can see the uploaded   image reason is that it is pre-signing the url  i will talk about pre-signing in estimation   in detail okay so this is the aws image which i  uploaded okay we'll look into s3 in more detail in   this relation but i think in the meantime you have  got a good high level conceptual understanding   about what is three is and you can create a  bucket and upload objects to the bucket okay welcome back adw security and compliance is  another essential advanced functional concept   as an aws professional it is crucial to have  a high level understanding of how aws handles   security and compliance aws cloud security is  much like security in an on-premises data center   that being the context first i will cover  how it will handle security at a high level   and then i will cover at a high level how aws  helps organizations when it comes to compliance   of applications deployed on its platform okay  so let's first start with aws cloud security   how important security is for enterprise  applications it doesn't matter whether   organizations have their applications on premises  or on the cloud security is extremely important   for the deployed applications so what security  is from enterprise applications perspective   let's first understand what security is in  more general term from enterprise applications   perspective security which is core non-functional  requirement in most enterprise systems protects   accidental leakage theft integrity compromise  or deletion of valuable information asset okay so how aws handles security  of enterprise applications   deployed on its platform in order to maintain  trust and confidence in their customers   aws has implemented comprehensive  security mechanism or safeguards in place   to keep customers data safe all data are stored  in a highly secured awareness data centers   continuing further on how it was approached  security to provide peace of mind to its customers   aws has built its data centers and  network architecture in such a way   to meet the requirements of the most  security sensitive organizations   what it means organizations can get their security  requirements with much lower operational cost if   we compare the cost with how expensive it would be  if they were to get those security requirements on   their on-premises data centers right organizations  would also inherit best practices of aws policies   architecture and operational processes  which are already built into the aws core   security infrastructure that way aw satisfies the  demand of most security sensitive organizations   how is the aws infrastructure with  respect to security perspective   aws infrastructure is designed from  the cloud architectural perspective   with security best practices in mind aw shares  security responsibility with organizations   where aws takes care security of the underlying  infrastructure while organizations have to take   care of the application security this  is very important point actually okay aws uses layered approach to security it makes  sure that underlying systems are monitored from   potential threats and protected around the  clock okay aws environments are continuously   audited with certifications from accreditation  bodies across geographies and verticals okay   what benefits does adab security provide to  enterprise applications deployed on its platform   keeps customers data safe the aws infrastructure  puts strong safeguards in place to help protect   your privacy all data is stored in highly secured  aws data centers meets compliance requirements   aws manages dozens of compliance programs in  its infrastructure another one is saves money   customers saves money as they would not have to  manage on-premises security as secure as security   would be managed in advanced data centers and it  scales quickly security scales with your aws cloud   usage no matter the size of your business the  awc infrastructure is designed to keep your data   safe okay another important foundational concept  to understand is how aws approaches compliance   compliance requirements vary country or reason  wise when applications are deployed on aws   organizations have complete control and ownership  of their applications in that region so that   they can set up their application which is secure  governance focused and have applicable compliance   and audit features the following is partial list  of assurance programs with which edibles complies   it complies with stock 1 software and shock  3 also it complies with federal information   security management act fisma department of  defense information srn certification and   accreditation process dicap and federal risk and  authorization management program fedramp also it   complies with payment card industry data security  standard pci dss level one okay uh finally it   complies with various iso such as 9001 27001 iso  27017 and iso 27018 okay that was the high level   overview of edible security and compliance and  i will add aws webpage url for this topic okay
Info
Channel: KnoDAX
Views: 49,235
Rating: 4.9892673 out of 5
Keywords: aws tutorial for beginners, aws tutorial, what is aws, aws introduction, Aws for beginners, what is aws s3, how to create ec2 instance, How to make ssh connection on aws, how to install web server on ec2, How to create IAM user in AWS, how to add a user to aws account, aws global infrastructure, aws local zones, aws availability zone, aws regions, aws free tier, how to add mfa, aws billing dashboard, Aws security and compliance, aws budget
Id: HDVdosmnfgE
Channel Id: undefined
Length: 68min 56sec (4136 seconds)
Published: Wed Sep 01 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.